DirectAccess was introduced in Windows 8.1 and Windows Server 2012 operating systems as a feature to allow Windows users to connect remotely. However, following the launch of Windows 10, the deployment of this infrastructure has witnessed a decline. Microsoft has been actively encouraging organizations considering a DirectAccess solution to instead implement client-based VPN with Windows 10. This Always On VPN connection delivers a DirectAccess-like experience using traditional remote access VPN protocols such as IKEv2, SSTP, and L2TP/IPsec. Besides, it comes with some additional benefits as well.
The new feature was introduced in the Windows 10 Anniversary Update to allow IT administrators to configure automatic VPN connection profiles. As mentioned earlier, Always On VPN has some important advantages over DirectAccess. For instance, Always On VPN can use both IPv4 and IPv6. So, if you have some apprehensions about the future viability of DirectAccess, and if you meet all of the requirements to support Always On VPN with Windows 10, then perhaps switching to the latter is the right choice.
Always On VPN for Windows 10 client computers
This tutorial walks you through the steps to deploy Remote Access Always On VPN connections for remote client computers that are running Windows 10.
Before proceeding any further, ensure you have the following in place:
- An Active Directory domain infrastructure, including one or more Domain Name System (DNS) servers.
- Public Key Infrastructure (PKI) and Active Directory Certificate Services (AD CS).
To begin the Remote Access Always On VPN deployment, install a new Remote Access server that is running Windows Server 2016.
Next, perform the following actions with the VPN server:
- Install two Ethernet network adapters in the physical server. If you are installing the VPN server on a VM, you must create two External virtual switches, one for each physical network adapter, and then create two virtual network adapters for the VM, with each network adapter connected to one virtual switch.
- Install the server on your perimeter network between your edge and internal firewalls, with one network adapter connected to the External Perimeter Network, and one network adapter connected to the Internal Perimeter Network.
After you complete the above procedure, install and configure Remote Access as a single-tenant VPN RAS Gateway for point-to-site VPN connections from remote computers. Configure Remote Access as a RADIUS client so that it is in a position to send connection requests to the organization's NPS server for processing.
Enroll and validate the VPN server certificate from your certification authority (CA).
NPS Server
In case you are not aware, this is the Network Policy Server (NPS), which is installed on your organization/corporate network. It is necessary to configure this server as a RADIUS server so as to enable it to receive connection requests from the VPN server. Once the NPS server starts receiving requests, it processes the connection requests and performs authorization and authentication steps before sending an Access-Accept or Access-Reject message to the VPN server.
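The RADIUS pairing described above (the VPN server as RADIUS client, NPS as RADIUS server) can be scripted as follows. This is an added example, not taken from the original article or from Microsoft's guide; the host name, IP address and client label are hypothetical placeholders, and the NPS role is assumed to be installed already.

```powershell
# Added example: names, addresses and the client label are hypothetical.
$NpsServer = 'nps01.corp.example'  # assumption: FQDN of the internal NPS server
$VpnIntIp  = '10.10.1.10'          # assumption: IP of the VPN server's internal adapter

function New-RadiusSharedSecret {
    # 32 bytes from the OS CSPRNG, Base64-encoded (44 characters).
    $bytes = New-Object byte[] 32
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    [Convert]::ToBase64String($bytes)
}

function Initialize-VpnServer {
    # Run elevated on the Windows Server 2016 VPN server.
    param([Parameter(Mandatory)][string]$SharedSecret)
    Install-WindowsFeature -Name DirectAccess-VPN -IncludeManagementTools | Out-Null
    # Single-tenant RAS Gateway for point-to-site VPN connections.
    Install-RemoteAccess -VpnType Vpn
    # Forward authentication to NPS and sign requests with Message-Authenticator.
    Set-VpnAuthType -Type ExternalRadius -RadiusServer $NpsServer `
        -SharedSecret $SharedSecret -MsgAuthenticator Enabled
}

function Register-VpnServerOnNps {
    # Run elevated on the NPS server.
    param([Parameter(Mandatory)][string]$SharedSecret)
    $existing = Get-NpsRadiusClient | Where-Object { $_.Address -eq $VpnIntIp }
    if ($existing) {
        Write-Warning "RADIUS client for $VpnIntIp already exists: $($existing.Name)"
        return
    }
    # Only accept requests from the VPN server's internal address, and
    # require the Message-Authenticator attribute on every Access-Request.
    New-NpsRadiusClient -Name 'AlwaysOn-VPN-Gateway' -Address $VpnIntIp `
        -SharedSecret $SharedSecret -AuthAttributeRequired $true
}

# Usage: generate the secret once and use the same value on both hosts.
# $secret = New-RadiusSharedSecret
# Initialize-VpnServer -SharedSecret $secret      # on the VPN server
# Register-VpnServerOnNps -SharedSecret $secret   # on the NPS server
```

A mismatch in the shared secret or in the Message-Authenticator setting between the two hosts makes NPS discard the VPN server's requests, so both functions must be run with the same secret.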
AD DS Server
The server is an on-premises Active Directory domain, which hosts on-premises user accounts. It requires you to set up the following items on the domain controller.
- Enable certificate autoenrollment in Group Policy for computers and users
- Create the VPN Users Group
- Create the VPN Servers Group
- Create the NPS Servers Group
CA Server
The Certification Authority (CA) Server is a certification authority that is running Active Directory Certificate Services. The CA enrolls certificates that are used for PEAP client–server authentication and creates certificates based on certificate templates. So, first, you need to create certificate templates on the CA. The remote users that are allowed to connect to your organization network must have a user account in AD DS.
Also, make sure that your firewalls allow the traffic that is necessary for both VPN and RADIUS communications to function correctly.
Apart from having these server components in place, ensure that the client computers you configure to use VPN are running Windows 10 version 1607 or later. The Windows 10 VPN client is highly configurable and offers many options.
This guide is designed for deploying Always On VPN with the Remote Access server role on an on-premises organization network. Please do not attempt to deploy Remote Access on a virtual machine (VM) in Microsoft Azure.
For complete details and configuration steps, you can refer to this Microsoft Document.
Source: https://www.thewindowsclub.com/